the Air Vent

Because the world needs another opinion

Thoughts from a Computer Climate Guy

Posted by Jeff Id on November 23, 2009

So who got the files. There is a bunch of interesting stuff to speculate about, first Dr. Gavin Schmidt left this on SurReal Climate:

There seems to be some doubt about the timeline of events that led to the emails hack. For clarification and to save me going through this again, this is a summary of my knowledge of the topic. At around 6.20am (EST) Nov 17th, somebody hacked into the RC server from an IP address associated with a computer somewhere in Turkey, disabled access from the legitimate users, and uploaded a file FOIA.zip to our server. They then created a draft post that would have been posted announcing the data to the world that was identical in content of the comment posted on The Air Vent later that day. They were intercepted before this could be posted on the blog. This archive appears to be identical to the one posted on the Russian server except for the name change. Curiously, and unnoticed by anyone else so far, the first comment posted on this subject was not at the Air Vent, but actually at ClimateAudit (comment 49 on a thread related to stripbark trees, dated Nov 17 5.24am (Central Time I think)). The username of the commenter was linked to the FOIA.zip file at realclimate.org. Four downloads occurred from that link while the file was still there (it no longer is).

So from Gavin we have Turkey.

From Steve McIntyre we have a Russian link left several hours before the Air Vent.

The IP address of the commenter at CA was Russian 82.208.87.170.

From the Air Vent we have a Saudi Server 212.116.220.100

So here’s my take on it:

There are plenty of possibilities within a narrow range. I’m a bit of a computer guy and a bit climate science so I can tell that this was done by someone or a group with significant knowledge of both computers and the issues. The hacking of a server (RC) took a bit of doing but the collation of the files took a great deal of time (and understanding). Someone knew the issues skeptics have been focused on, and this file set seems to have been associated with the skeptic FOIA requests.

Another possibility is the FOIA was compiled by someone else and when blocked (illegally by government officials), one computer guy released them.  Apparently there were FOIA requests for all of this information revealed so you can imagine the time and understanding it takes to sort through this much scientific info and pick the relevant bits. – which they did “perfectly”.

Then we have the release of the info from proxy servers in less than friendly countries. This is not unsophisticated and made me think of a government agency first. Someone with resources and knowledge. Who’s going to be able get a proxy link from Russia, Saudi Arabia or Turkey and which proxy sent the email to those? They knew what they were doing.

So if we have absolutely perfect sorting of data for FOIA info– it almost had to be compiled during the investigation (removal of all email header info and renaming) was almost certainly done by a computer guy and despite the rejections of FOIA (through corruption – I would like to see more MSM coverage of this)perhaps some govt employee wasn’t thrilled. The total is compiled into a single zip file with all relevant code and details and emailed.

It all seems to me like a whistle blower who got ticked that FOIA was ignored (illegally). Perhaps someone who heard the conversations between Phil Jones and the Govt. officials. I doubt very much that this was a simple hacker, while busting computers is revered amongst movie fanatics, it doesn’t seem particularly amazing to me however it is not unskilled. Knowing which issues to deliver though is the result of someone with real knowledge. If it were a hack, the file had been prepared by FOIA officials and the contents must have been known by the hackers – headers removed and all. If it is a whistle blower, they were the CS guys working with the climate scientists who got ticked off at the asinine discussions of what was going on.

What do you think?


83 Responses to “Thoughts from a Computer Climate Guy”

  1. Motorhead said

    Any chance this blog could list the names of the offenders involved here as well as their employers? Such as universities, government agencies, etc. I plan on writing letters to the employers/funders of these guys but am having a bit of a problem putting together who goes where.

    I will fire off a letter to both my Senators and congressman too.

    I thought that the list of names and locations might help anyone else out who has the same desire to write each employer and request how this issue is being handled.

  2. Steve Fitzpatrick said

    Inside job. Someone, maybe the same person who sent the raw data files to Steve McIntyre, had a combination of access and ability.

    As Lucia noted earlier today, it makes no sense that all the personal stuff was removed; only climate science stuff remained. Someone spent a fair amount of time selecting the emails and documents, and did not want to post everyones personal lives on the internet.

    It almost has to be a principled inside person…. AKA whistle-blower. Likely they will never find who did it (until I am long dead, and they write a ‘tell-all’ book). We could call this person ‘deep-vortex’.

  3. Joe NS said

    A wonderfully illuminating post! It never occurred to me that “Whistleblower” had access to whoever was processing the FOIA requests. How better to get onto the net exactly what the skeptics were looking for than to have access to some compilation that had ALREADY been put together in response to what the skeptics were looking for?! That IS what you’re suggesting, Jeff, right? Marvelous work!

    Of course, given that Air Vent is a natural site for this material to end up on, the door is left open, IMHO, just a wee bit that you know more than you are saying.

  4. stevemcintyre said

    #2. There was no “mole”. A version of the data that they refused to provide had been left on their FTP site. I just happened to notice it one day.

  5. Joe NS said

    re 3:

    “. . . you know more than you are saying.”

    Too strong. I see that now. Better (and fairer) would be “. . . you ‘suspect’ more than you are saying.”

  6. Jeff Id said

    #3 As my wife will tell you, I know far less than what I’m saying. haha. It’s just speculation.

  7. Ian said

    I’m not sure it really makes much difference whether it was a “hack” in classic movie fashion, or a “whistle blower” (also in classic movie fashion) or somewhere in between (e.g., a person who had some internal assistance at either the CRU end or the RC end to collect or disseminate the information, respectively). Let’s be thankful that the information is out there, and make sure that it leads to the changes so necessary in this field.

    That being said, if GS is correct, and they managed to “hack” into RC’s website to upload the information, then it does tend to suggest a hacker in the classic sense, more than a “whistle blower”. There’s a “gotcha” aspect to the attempt use RC’s website to distribute the file, that (in my mind at least) takes it somewhat outside the classic whistle blower scenario.

    Alternatively, it could easily be a hybrid situation – an interal source in the CRU who is disturbed by the attitudes of the principals involved and approaches that have been taken, who provides access to the “hacker”.

    Anyone started the novel yet?

    Cheers.

  8. [...] more here: Thoughts from a Computer Climate Guy « the Air Vent Tags: address-associated,  and-uploaded,  around-6-20am,  disabled-access,  [...]

  9. Eric Barnes said

    Given the scruples of Mann and Jones and the absolute toadiness of the rest of the team can we really discount anything (other than the laughable “someone hacked the RC Server”).

  10. Carrick said

    82.208.87.170 is a proxy.

    212.116.220.100 is on a proxy too.

  11. someone who resembles the Chesire Cat said

    some hopefully useful links

    http://www.whatdotheyknow.com/ make FOI requests online.

    http://www.writetothem.com/ to identify your mp.

    http://www.bbc.co.uk/bbctrust/contact/index.shtml bbc trusts contact page (i found their coverage beneath contempt)

    http://www.ofcom.org.uk/contactus/ ofcoms contact page

  12. hunter said

    What evidence at all is there that anyone hacked stuff *into* RC, besides Gavin’s assertions?
    Why RC? Why not the other places, like Cliamte Skeptic who received the link.
    I think Gavin is once gain confabulating a story.
    I think the only thing that happened to him is that he received an e-mail with a link, panicked when he realized what happened, went offline a few hours to consult with his pals, and then got back online.
    Is there any evidence of this strange assault on him at all?

  13. Marc said

    Accessing systems from other IP addresses is rather trivial. I’m doing it right now. The IP I’m posting from may show up as bing in the UAE and your logs will tell you I’m on a Win 32 Firefox system. I’m actually on a Mac in the Midwest. That doesn’t changes anything Jeff is speculating on, much. It still takes good IT skills to do what the anonymous source did.

    Hacking a WordPress server can be easy if they haven’t updated their WP install. Real Climate uses WordPress.

    If it’s an insider they may have even had an account on the RC server or they could have social hacked it. That is get a user name and password from someone just from conversation or see it on that post-it note in their office.

    This did take some planning. One thing I’m courious about though is that the info didn’t show up on WikiLeaks first. For the computer guy I would think that would be the first place to post it. Hacking RC, I think, shows some animosity aimed at them.

  14. BarryW said

    Would that Michel Crichton were still with us. Imagine the novel he could make from this.

  15. twawki said

    Monbiot apologies
    BBC had files 2 weeks prior
    Heads about to roll in Australian politics

    More here; http://www.twawki.wordpress.com

  16. Ryan O said

    Hacking isn’t the hard part, nor is using proxy servers and pretending you’re from Zimbabwe. All that is pretty mundane.

    Me, I’m far more impressed with what was on the FOI2009.zip file. To me, that makes it an inside job. I don’t see any way someone from outside UEA would have been able to put all of that together.

    Besides, if it was an IT guy at UEA, well . . . perhaps he does a bit of hacking on the side. ;)

  17. mitchell porter said

    Ryan O @16 “I don’t see any way someone from outside UEA would have been able to put all of that together.”

    If the objective was to make the case for some form of malfeasance, then an awful lot of irrelevant information was included. What about all the emails which are just conference announcements? Or the jumble of files in the top-level documents directory? That last part looks as if it might have been copied directly from someone’s personal account.

  18. don said

    I believe the “hacker” also stated this was a “random sample” of what was available. Does that mean there is more to be “hacked” or that there is more the “hacker” already has to release? In other words, is the hacker going to function as “deep throat” and keep trickling out stuff to keep the issue/investigation going? Maybe the “hacker” really is a mole on the Brits payroll, MI5 or 6, out to make life difficult for the labor government and, by extension, the Americans?

  19. mitchell porter said

    Hunter @12 “I think Gavin is once gain confabulating a story… Is there any evidence of this strange assault on him at all?”

    As I recall, comments weren’t working at RC for a while. That would be consistent with the idea that they were busy regaining control of their blog – remember, Gavin said that access for legitimate users had been disabled. (No doubt within a day or two someone with semi-expert knowledge of blog-hacking will step forward and give us a speculative forensic reconstruction.)

    The suggestion in comments 9 and 12 that Gavin is inventing this story I suppose can be attributed to the extreme mistrust towards RC felt by many individuals here, and to the relative inconsistency of this detail with the idea of a “whistleblower at CRU” or exasperated insider. But that is very far from being the only possible scenario. I think this is an outsider with I.T. skills, part of the skeptic community and a-priori hostile to AGW advocates. But I guess I shouldn’t speculate too much, unless I aim to create hypotheses for the purpose of rapid falsification by the next round of facts. :-)

  20. [...] the rest here: Thoughts from a Computer Climate Guy « the Air Vent Share and [...]

  21. Bill in Vigo said

    For some reason I feel it was an insider that was finally feed up with the goings on. If this person was given the task of going through file after file and email after email and collecting them to be deleted if a FOIA was lost. All the information would have been there less the personal stuff ready to be deleted if the “need arose”. In this case it would have been ready for transport to the proxy servers.

    Looks like an inside job to me. Who knows it might have been just a compilation on a server with public access and some one stumbled on to it and uploaded it.

    We will probably never know. Now knowing these characters and their impression of their wisdom and our ignorance I would not be surprised if this might be the case. Just a stupid mistake.

    Can’t wait for the official police reports to come out. It might be embarrassing for some one. I think heads will roll before this is over and it won’t be the whistleblower/hacker.

    Bill Derryberry

  22. [...] from:  Thoughts from a Computer Climate Guy « the Air Vent « Seth's Blog: Rupert Murdoch has it backwards Electronic Discovery and Computer [...]

  23. Erick Barnes said

    RE: Bill 21
    If you’re right Bill, this could be just the tip of the iceberg. This is the stuff that they put in the FOI request? What was deleted? Maybe it’s still there? Sad days.

  24. Charlie said

    A hacker wouldn’t spend a lot of time removing truly personal e-mails. There wasn’t personal chit-chat in the FOIA2009 file.

    No hacker would spend a lot of time removing extraneous, uninteresting e-mails, such as rescheduling of meetings. That sort of e-mail wasn’t part of the file.

    I don’t know the basis used to select the e-mails, but it was done by somebody that had a pretty good feel for what was important.

    ——————-

    The hypothesis that it was some sort of file prepared as a response to an FOI has some merit, but the range of topics don’t match up with any FOI subject I can come up with. Having e-mails up to a day or two before the file was leaked also doesn’t match up with a normal FOI.

    My hypothesis is that it was an inside job. Perhaps by someone that inspired by FOIs and the CRU’s non-responsiveness to FOIs.

    The accidental leak of a file prepared in response to FOI doesn’t quite fit, since the subject range is too broad. Maybe, just maybe, it was a packet of files put together by someone in IT by searching in response to FOI, but it doesn’t quite fit.

    Intriguing.

  25. braddles said

    I’m puzzled why anyone would even attempt to hack into RealClimate with this. There were any number of ways to easily release the information; posting it somehow at RC through a sophisticated hack, which ultimately failed, would not seem a good option, and even if successful would probably have reduced the credibility of the information.

  26. crosspatch said

    I would wonder if Jones was ever sent credentials for guest posting articles to RC.

  27. TGSG said

    wasn’t there an e-mail…. yes, yes there was….1256353124.txt in which an attempt at humor was made re: password and username? they couldn’t have been so stupid. could they?

  28. Squidly said

    I am not believing any account by Gavin Schmidt. I have been working with computers for 30 years, I know systems pretty well. I am not believing that the person(s) responsible for distribution of the .zip file made ANY attempt to hack into and upload the files to RealClimate.org. Makes absolutely NO sense to do so and given how the .zip file was ultimately distributed, hacking RealClimate.org would have been a complete waste of time and further, would have been too risky. They would have been gravely risking identification. Nah, the whole RealClimate.org explanation is complete bullshit. Not believing it for a second.

  29. The first thing my publisher asked on Friday morning was “was it you”? I deny everything!!!

  30. Squidly said

    Oh, and I would also point out, I would not put too much emphasis on the IP address. The suggestion that the IP addresses listed above are from Russia and Saudi Arabia may not be entirely accurate. Through the ARIN database (http://ws.arin.net/whois/) you get the information for the RIPE Network (http://www.db.ripe.net/whois):

    The Russian IP address:
    (82.208.87.170)
    inetnum: 82.208.87.128 – 82.208.87.191
    netname: SSMNN-NET
    descr: Personal network for SpecSviazMontag Ltd
    descr: About abuse activity please
    descr: e-mail to abuse@mts-nn.ru
    country: RU
    admin-c: OAY3-RIPE
    tech-c: OAY3-RIPE
    status: ASSIGNED PA “status:” definitions
    mnt-by: NMTS-MNT
    source: RIPE # Filtered
    person: Oleg A Yegorov
    address: OOO SpecSviazMontag
    address: 13/34, Panfilovcev str, Nizhniy Novgorod
    address: Russia
    phone: +7 8312 253448
    e-mail: oleg@ssmnn.com
    nic-hdl: OAY3-RIPE
    source: RIPE # Filtered
    route: 82.208.64.0/18
    descr: OJSC VolgaTelecom Autonomous System
    origin: AS25405
    mnt-by: NMTS-MNT
    source: RIPE # Filtered

    The Saudi Arabia IP address:
    (212.116.220.100)
    inetnum: 212.116.215.0 – 212.116.223.255
    netname: SA-FAISALIAH
    descr: PROVIDER
    country: SA
    admin-c: AR1254-RIPE
    tech-c: AR1254-RIPE
    status: ASSIGNED PA “status:” definitions
    mnt-by: AAA28-RIPE-MNT
    mnt-lower: AAA28-RIPE-MNT
    mnt-routes: AAA28-RIPE-MNT
    source: RIPE # Filtered
    role: AwalNet Role
    address: Akariah 3, 8th Floor, Olaya St.
    address: P.O.Box 50, Riyadh 11372, Saudi Arabia.
    address: see http://www.awalnet.com
    phone: +966 1 4600111
    fax-no: +966 1 4601110
    remarks: trouble: abuse@awalnet.net.sa
    admin-c: AAC4-RIPE
    admin-c: KA1234-RIPE
    tech-c: ATC1-RIPE
    nic-hdl: AR1254-RIPE
    remarks: This Role object is for handling and maintaining all
    remarks: IP Blocks registered by AwalNet
    source: RIPE # Filtered
    abuse-mailbox: abuse@awalnet.net.sa
    route: 212.116.192.0/19
    descr: Saudi Arabia backbone and local registry address space
    descr: AwalNet
    origin: AS25233
    mnt-by: AAA28-RIPE-MNT
    source: RIPE # Filtered

    Both IP addresses originate through the RIPE Network, which is very commonly used for IP spoofing because they are the backbone for most of the European/Eurasian countries. I have had to battle blocking these from my own servers for quite some time. Most of the people that have used IP addresses originating from these networks and have hammered my own servers, were in fact really here in the US. That is not to say that the people involved in the distribution of the FOI.zip file were here in the US, it just illustrates that they could in fact be anywhere in the world.

    All of this suggests to me that these IP addresses were spoofed, which is not very difficult to do. One can easily download several freeware utilities that will assist you in spoofing your IP address. Even my daughter can do this.

  31. mitchell porter said

    Charlie @23: “I don’t know the basis used to select the e-mails, but it was done by somebody that had a pretty good feel for what was important.”

    Two possibilities that have occurred to me: the researchers may have had labeled mail folders; and there may have been crude keyword filtering (e.g. include anything with the word “Yamal”).

    There are a very large number of emails which are manifestly banal, at least from the perspective of someone looking for wrongdoing. Two random examples: 939003588 – agenda for a meeting. 968127296 – former PhD student seeks to get re-hired.

    So while I agree that *something* has filtered the emails in their journey from the researchers’ inbox to Internet release – no spam, no non-work emails – it is not anything as simple as “whistleblower sees wrongdoing, and releases specific evidence”. Even if we go with the FOI hypothesis – this is a collection of files put together by CRU in the course of responding to a FOI-type request – there is a huge heap of irrelevancy in the zipfile that never got removed.

    Braddles @24: “I’m puzzled why anyone would even attempt to hack into RealClimate with this. There were any number of ways to easily release the information; posting it somehow at RC through a sophisticated hack, which ultimately failed, would not seem a good option, and even if successful would probably have reduced the credibility of the information.”

    I think you’re judging the plan too much on the basis of the unforeseeable and contingent way that things turned out. Consider how it would have looked if the hack had succeeded! RC itself, however briefly, would have been turned into a platform for the dissemination of the pirated data. If you had the power, of course you’d do it that way. No disrespect to Jeff, but I suspect that making the announcement here was a hasty Plan B.

  32. Squidly said

    mitchell porter said
    November 24, 2009 at 3:56 am

    I think you’re judging the plan too much on the basis of the unforeseeable and contingent way that things turned out. Consider how it would have looked if the hack had succeeded! RC itself, however briefly, would have been turned into a platform for the dissemination of the pirated data. If you had the power, of course you’d do it that way. No disrespect to Jeff, but I suspect that making the announcement here was a hasty Plan B.

    Again, you are assuming that RC was indeed hacked, or an attempt was made. I seriously doubt that. I think the proclamation by Gavin to this notion is nothing more than trying to play the victim card in a CYA maneuver. Not buying it, as it would make no sense to do such a thing. Waste of time.

  33. mitchell porter said

    Squidly @30, of course I like my own hypothesis, but it’s making sense to me. RC was the enemy (for the hacker/leaker) all along. The intention was to turn the tables and give all those RC readers a glimpse of the truth. But as the military maxim has it, no battle plan survives contact with the enemy. My guess is that RC was alerted to the problem when one of the regular posters tried to log in and couldn’t, they called the admin (or whoever) and discovered the intrusion, and so “FOIA” resorted to tAV and CA.

  34. Emil said

    “Then we have the release of the info from proxy servers in less than friendly countries. This is not unsophisticated and made me think of a government agency first.”

    No true, it’s quite simple: google for “open proxy lists” … lots of computers with poorly configured proxies out there. I used such lists to check against funny payment orders.

    “removal of all email header info and renaming” … looks like copy/paste from an email client.

    In the mails there are clues of timid dissent among the team … so my bet is some junior member got tired of the b….t.

  35. crosspatch said

    I seriously doubt that the file was obtained by someone who had to circumvent security to gain access. They might have violated policy and that might be grounds for termination but something about this says that the file was freely accessible to someone who made a copy of it.

    The “hacker” notion is, I believe, a load.

  36. PaulM said

    One thing that nobody has commented on much is the tone and language of the announcement:

    “We feel that climate science is, in the current situation, too important to be kept under wraps.

    We hereby release a random selection of correspondence, code, and documents.
    Hopefully it will give some insight into the science and the people behind it.

    This is a limited time offer, download now”

    This is not the language of a Russian hacker! It is definitely the language of a native English speaker, and I would say British English (words like ‘hopefully’, ‘hereby’) – would you US guys use this sort of language? Also it sounds to me like the language of someone at least say, 35 years old.

    But I’m not saying it’s an inside job. Hacking in to academic systems is not difficult and they tend to be open Unix systems where the default is that anyone on the system can see everyone else’s files.

  37. Phil said

    PaulM #34

    You’re absolutely right, that’s formal educated English of the sort that you’d find in the introduction to a scientific paper.

    Except for the tagline – that has a comma where I’d expect a dash or semicolon, plus it’s more colloquial. If written with the same tone as the first part (or by the same person?) I’d have expected something more like “This offer will be available for a limited period only – we advise you to download it immediately.”

    Oh, and one more thing I’ve just noticed. It says “We”. *We* feel. *We* hereby release.

    So who is “We”? Curiouser and curiouser…

  38. mlsimon said

    How about this: it is an internet security guy. Maybe at CRU.

    A security guy would know all the tricks. To keep up with his trade.

    It need not be a conventional hacker.

  39. mlsimon said

    It is definitely the language of a native English speaker, and I would say British English (words like ‘hopefully’, ‘hereby’) – would you US guys use this sort of language?

    For hereby substitute “are releasing” in American.

    Hopefully is not out of the question for American syntax. Within one standard deviation is my estimate.

    In fact it may be some one who has spent a lot of time in America and got influenced by American style because for the most part (“hereby” excluded) it sounds American. But if the guy writing it is a lawyer a “hereby” might be rather common.

    So maybe there is a “we”. An inside guy. An outside guy. A Lawyer. Mix and match is also possible. The inside guy might be a lawyer. Or the outside guy might be a lawyer and a security guy.

    So much speculation. So little time.

  40. mlsimon said

    So while I agree that *something* has filtered the emails in their journey from the researchers’ inbox to Internet release – no spam, no non-work emails – it is not anything as simple as “whistleblower sees wrongdoing, and releases specific evidence”. Even if we go with the FOI hypothesis – this is a collection of files put together by CRU in the course of responding to a FOI-type request – there is a huge heap of irrelevancy in the zipfile that never got removed.

    Including a LOT of irrelevant material is how you slow the examination.

  41. Squidly said

    I personally don’t believe it was a hacker at all. Doesn’t look like hacker methods to me (IMHO).

  42. Luke Warmer said

    Aplogies in advance for sounding like TCO (many of you will remember him) – but all of this speculation (not just here) about the source of the hacks is diversionary and reads like attention deficit disorder.

    The factual implications of Harry’s read me should be the main focus of those who can read code in order to put some incontrovertible and un-context specific meat on the bones of this hack. I would but I don’t have the ability.

    Much of the mainstream media seems to be moving on or satisfied with the semantics of the word ‘trick’. They’re clearly not going to do the work that is required to show how problematic this stuff is.

    There are a couple of FoIA complaint letters already in to the commissioner in the UK but apart from that, even the calls for a fuller enquiry will likely flounder.

    Don’t flame me, but if I was a warmer I’d be laughing at this part of the sideshow.

  43. vg said

    could it be someone on the team that saw the light of day? after all he/she will end up being a hero in the end.

  44. dearieme said

    “So who is “We”? ” Bloody hell, it’s Her Majesty.

  45. twawki said

    OT but we are going into meltdown mode in politics over here in Australia. Extraordinary scenes as the leader of the opposition walks out, then claims victory for the ETS despite not having it. Looks like Turnbull wont last the week and I would say K Rudd is next in line.

    http://www.twawki.wordpress.com

    Also see Andrew Bolt’s blog – its going into meltdown over the issue;

    http://blogs.news.com.au/heraldsun/andrewbolt/

  46. Luke Warmer said

    Re previous post – just impatience not trying to be rude:

    All code busters see this thread at Bishop Hill’s:

    http://bishophill.squarespace.com/blog/2009/11/23/the-code.html

    The Bish has a way with words but not the code itself.

  47. Hoi Polloi said

    Indeed speculating about the source of the FOIA files is superfluous. It is distracting from the real deal dismantling the Mann/Jones cabal and investigating their codes. Eventually it will come out in the open who sent or discovered the files on their FTP server.

  48. Joe NS said

    Perhaps NOTHING in the files is “irrelevant.” Perhaps there are clues there, planted by an insider, to instigate lines of investigation, also perhaps, in a not-unheard-of manner, clues to “Whistleblower’s” identity, along the lines of “Come. Talk to me. I’ve got plenty more to say.”

    I don’t think this is a waste of time at all. If this is a colleague of Jones et al., then he’s in a position, once identified, of informing us of the dimensions of the emerging fraud.

  49. gravamen said

    Wikipedia articles that should record this event in a neutral and balanced manner, with journalist-written sources (best to discuss on the talk page, don’t just start editing directly):

    http://en.wikipedia.org/wiki/Climatic_Research_Unit_e-mail_hacking_incident

    http://en.wikipedia.org/wiki/Phil_Jones_(climatologist)

    http://en.wikipedia.org/wiki/Michael_E._Mann

    http://en.wikipedia.org/wiki/Hockey_stick_controversy

  50. Kondealer said

    I have just made an official complaint to the UK F.O.I Commissioner (http://www.ico.gov.uk/) about UEA/CRU rejection of my FOI requests.

    We now know from these leaked emails that Professor Jones (allegedly) sent to Ben Santer saying (see below) how he had colluded with their F.O.I officers to reject legitimate requests.

    Ben,
    When the FOI requests began here, the FOI person said we had to abide
    by the requests. It took a couple of half hour sessions – one at a screen, to convince
    them otherwise showing them what CA was all about. Once they became aware of the types of people we were dealing with, everyone at UEA (in the registry and in the Environmental Sciences school- the head of school and a few others) became very supportive. I’ve got to know the FOIperson quite well and the Chief Librarian – who deals with appeals. The VC is also aware of what is going on – at least for one of the requests, but probably doesn’t know the number we’re dealing with. We are in double figures.

    One issue is that these requests aren’t that widely known within the School. So
    I don’t know who else at UEA may be getting them. CRU is moving up the ladder of
    requests at UEA though – we’re way behind computing though. We’re away of
    requests going to others in the UK – MOHC, Reading, DEFRA and Imperial College.
    So spelling out all the detail to the LLNL management should be the first thing
    you do. I hope that Dave is being supportive at PCMDI.
    The inadvertent email I sent last month has led to a Data Protection Act request sent by a certain Canadian, saying that the email maligned his scientific credibility with his
    peers!
    If he pays 10 pounds (which he hasn’t yet) I am supposed to go through my emails
    and he can get anything I’ve written about him. About 2 months ago I deleted loads of
    emails, so have very little – if anything at all.

    Phil

  51. PaulM said

    Yes, I agree – the source of the leak is a trivial issue compared with the contents of the emails.

    The story is getting some quite good publicity here in the UK. Most amazingly,

    GEORGE MONBIOT CALLS FOR JONES TO RESIGN

    http://www.guardian.co.uk/commentisfree/cif-green/2009/nov/23/global-warming-leaked-email-climate-scientists

    (for those who don’t know, Monbiot is a far-left enviro-activist whose articles are usually rants about ‘deniers’)
    As well as the top post, he makes some very contrite remarks lower down in the comments.

    Also the emails were the top story on the BBC Newsnight TV programme last night.
    Fred Singer and Nigel Lawson were interviewed, and the defence was attempted by Robert Watson from UEA.

  52. RobWillie said

    By far the worst part about this fraud is that in the US it will become political theater. The Democrats have taken up the cause of global warming and will not be diverted from their cause just because its advocacy instead of science. For the most part politicians don’t understand science anyway.

    I predict this will not prevent our Democratic lawmakers from pushing a climate bill that is based on manufactured data. And these revelations will not prevent folks like Al Gore from spouting their garbage from a mountain top either.

    The fact that it is all a fraud and these people are nothing but political hacks will change nothing about the debate.

  53. gianmarko said

    that cannot be the work of a “hacker”, it has to be an inside job from someone with direct and high level access to the CRU IT infrastructure. the IT infrastructure of a company or organization rarely consists of a single box that anyone can access. there are usually different servers (mail, intranet, webservers, ftp etc) and surely not everybody has root access to them. for an hacker to gain access to all the servers needed to collect all that info, the CRU IT infrastructure security would have to be worse than that of your daughter’s laptop.
    even for an insider would be a major task to access all the required servers. then there is the issue of the mail filtering, because it is obvious that mostly relevant mails have been included in the zip file, compound this with the fact that mails up to the day before are in the zip file, and the fact that the file contains 13 years old mails (which not necessarily are available on a mail server).
    i have worked in IT for 30 years, but it would be utterly impossible for me to access my corporate servers in order to collect data similar to the one in the FOI file, not to mention do it without leaving a trail.
    all this points to someone who has to be an IT specialist with high level access to CRU IT infrastructure, with a good knowledge of the whole climate change controversy (he knew exactly where to post the links to the zip file) , and with a plan; because it is obvious that all this was carefully planned.
    this is no hacker job, this is the work of an extremely knowledgeable and motivated insider.
    shows that there is still hope.
    the RC hack story is preposterous.
    i also dont believe this file was found by chance, who in his right mind would concentrate such a critical mass of explosive material in one zip file, let alone put it on a fpt server accessible from outside? we might be dealing with corrupt and dishonest people, surely not with ignorant idiots.

  54. Espen said

    The mails seem to have been exported from Eudora (there are references to attachments with Eudora directory names in them). I haven’t used Eudora for years, so I’m not sure if this looks like some standard export format, but it makes the theory that this had been prepared for a FOI case plausible, IMHO.

  55. MikeN said

    I don’t think RealClimate was hacked either. Couldn’t they have sent out a mail to Phil Jones or Keith or Tim about putting up their own post?

  56. Getting Hot in Here said

    As someone who loves reading conspiracy theories for the pure entertainment value, I personally don’t think it was a hack. I think it was either a whistle blower or someone royally screwed up (and left the file on an unsecured server and the “right” person found it). The hacker story seems fabricated to me. For them, it is a lot more comfortable to talk to the press about how someone else broke the law and stole the data, rather than answering the uncomfortable questions about what is in the files. Not that I’m saying the researchers broke the law (a hint of pseudo-science where they only look at the data that supports their theory, perhaps, but no law breaking).

    That or it was the reptilians.

  57. Jeff Id said

    One point from the post was that header information was removed. Also, I see a comment that these were not the subject of known FOIA’s. As far as I know, all of this information had been requested. All headers removed, all personal details removed and an official numbering system assigned to the emails. Nearly all of the emails are pertinent to the science being investigated on various climate blogs (mostly CA).

    I was surprised by the emails but Dave Holland had apparently requested them. Steve M sent this link.

    http://blogs.sciencemag.org/scienceinsider/2009/11/in-climate-hack.html

    Also, us bloggers on the outside are called conspiracy theorists, denailists and all kinds of rubbish but consider what it means when a link like this is dropped in several prominent places and it takes days to be noticed. I believe Steve Mosher was the first to mention it — pretty hard to do anything first on the internet. Nobody is out here claiming the end of global warming or anything similar. There have been a few nice I told you so moments regarding peer review, the FOIA’s and the IPCC though. These files will have impact for a long time to come.

  58. gianmarko said

    nobody mentioned it, maybe because it is obvious or irrelevant. the number used in the filenames is a unix time stamp, the number of seconds from 01/01/1970.

  59. Mike said

    Could it be Harry? Some of his comments in the Harry_read_me.txt file sound pretty disgusted, and he is clearly familiar with the science and the people.

  60. Don B said

    “So from Gavin we have Turkey.” Don’t leave out cranberries and pumpkin pie.

    To me it is more like Christmas.

  61. Layman Lurker said

    #52 RobWillie

    I think that the political strategists in the Democratic camp are watching this evolve very closely. I don’t think the strategists are as blind to reality as many of the politicians themselves. No doubt they already considered that skepticism was growing even before this incident. They have to be thinking now that the AGW political game is going to change and may have even started looking at various scenarios of how such change will play out. No way that they want to sew the seeds of their own demise.

    My prediction: Following some time to let the issues evolve and to assess the politics, the current administration will play a card equivalent to a “Monbiot” – distance themselves from the AGW “clique”, and express cautious, qualified support for the science of AGW. This will reposition them to be much more flexible politically, and can then delay or abandon passage of bills etc. if political risks become too great.

    How’s that for speculation. :)

  62. Phil. said

    Squidly said

    November 24, 2009 at 4:01 am
    mitchell porter said
    November 24, 2009 at 3:56 am

    I think you’re judging the plan too much on the basis of the unforeseeable and contingent way that things turned out. Consider how it would have looked if the hack had succeeded! RC itself, however briefly, would have been turned into a platform for the dissemination of the pirated data. If you had the power, of course you’d do it that way. No disrespect to Jeff, but I suspect that making the announcement here was a hasty Plan B.

    Again, you are assuming that RC was indeed hacked, or an attempt was made. I seriously doubt that. I think the proclamation by Gavin to this notion is nothing more than trying to play the victim card in a CYA maneuver. Not buying it, as it would make no sense to do such a thing. Waste of time.

    And yet a link to http://www.realclimate.org/FOIA.zip was made in CA on November 17th, 2009 at 5:24 am
    So someone thought it wasn’t a waste of time.

  63. Jeff Id said

    #62, I agree with Squdly except that it was probably C or D. Now if RC was indeed hacked, doesn’t that sound like a pissed off student rather than an older persons action. Why turn it into a stunt?

  64. PR Guy said

    Occam’s Razor. I think ‘hacked’ is too strong of a word to apply to the RC incident. Most likely, one of the emails contained the admin password to RC. It seems like it was common practice for these guys to send passwords around via email. The whistle blower, having already obtained the emails was now looking for a way to get the file out. He merely signed into the rc account, changed the access privileges of the other authors, and then created a post. He then just used the little scheduler thingy to schedule the post for publication. For people who are not familiar with blogging software — all of this would be easy to do if you had the password to the account.

    Then, when the post didn’t happen, the guy looked for another way to get it out, and found the proxy servers.

    I’m not seeing this as requiring major computer skills. Any IT guy or programmer type (read: climate scientist) could have done this.

  65. Eric Anderson said

    “Hereby” is regularly used in formal documents in the U.S. Pull out any contract your company has with another organization and you’ll find the word, often several times.

    “Hopefully” is very common in the U.S.

  66. Duke C. said

    57.Jeff Id said
    November 24, 2009 at 9:37 am
    One point from the post was that header information was removed. Also, I see a comment that these were not the subject of known FOIA’s. As far as I know, all of this information had been requested. All headers removed, all personal details removed and an official numbering system assigned to the emails. Nearly all of the emails are pertinent to the science being investigated on various climate blogs (mostly CA).

    The email .txt filenames are in Unix Epoch Time which can easily be decoded. The last file in the folder (1258053464.txt) converts to Thu 12 Nov 2009 14:17:44 GMT which matches exactly with the date/timestamp at the top of the page:

    From: “Thorne, Peter (Climate Research)”
    To: “Phil Jones”
    Subject: Letter draft
    Date: Thu, 12 Nov 2009 14:17:44 -0000

    Interestingly, The first email in the folder (90826209667.txt) converts to Wed 31 Dec 1969 08:00:00 GMT- One day before the official start of Unix Epoch Time. The archiving method may have treated emails differently, perhaps based on where they originated from. Converting the .txt filenames to the actual dates/times may yield some interesting timelines that march up with other events. Don’t have time right now to look at this further.

    Anyone interested can use the Date/Epoch time converter found here:

    http://www.esqsoft.com/javascript_examples/date-to-epoch.htm

  67. Plimple said

    If it is really associated with an FOI request info bundle, then why are there elements in the documents section totally unrelated to FOI requests?

    Your hypothesis only fits with half of the observables but is inconsistent with the other half.

  68. Plimple said

    Let, me be more specific, I am referring to documents in the FOIA.zip that are publicly available on the web. Do you think that these materials were subject to ongoing FOI requests? Maybe, they were attachments in emails, but if so, where are the emails that carried these documents? Certainly not in the FOIA.zip email bundle. I’ve checked and couldn’t find them. It seems that either a large bunch of emails and their respective attachments have been scraped and we’re only seeing a subset of those emails, or a previously compiled FOI email bundle was release whistle-blower style or hacked along with a large group of some files some of which appear to be unrelated to the FOI requests. Even if you assume the latter is correct, your statements that this parsing was done perfectly appear somewhat inaccurate; take 0950712852.txt as an example. How do some emails to and from Mike Hulme regarding funding bids relate to ongoing FOI requests about code and data?

  69. MikeN said

    Could the CRU data have been gathered because an e-mail with a password or an FTP location was sent to the wrong person? That would then mean no hacking or leaking, but bad security all around.

  70. Jeff Id said

    A lot of these explanations seem plausible to me.

    Plimple, there are a few items which seem unrelated but we don’t know all of the FOIA’s either, did someone ask for funding? There is no way in my opinion that this could have been done by someone who didn’t know the issues.

  71. Plimple said

    Your suggestion is certainly possible and did cross my mind, but Mike was never involved in any of the controversies to my knowledge. I certainly agree that whoever created the FOIA.zip had intimate knowledge of the issues.

    Hacking laws rely upon proving the guilty party knew that they were accessing a private system with the intention of obtaining data and not upon the means that were used.

  72. [...] Thoughts from a Computer Climate Guy « the Air Vent [...]

  73. Eric said

    I think it was the NSA of the USA taking matters into their hands after the last FOI request was denied. Climate change is that last thing that Obama wants to deal with now that he is actually president is confronted by real problems… but he made so many promises!

  74. MikeN said

    Eric isn’t it more likely to be Russians, now that their carbon emissions are higher and they have less opportunity to profit?

  75. Bruce the Canuck said

    This is all wild speculation re the origin. Re Gavin, he seems like your normal geeky sciences academic. You might disagree with him, you may argue he’s over-committed to one point of view, and he probably shouldn’t be posting during working hours, but I think the most sane readers know better than to claim he’s dishonest.

    Re posting during working hours – firstly: Cm’on guys, let he who hath not sinned cast the first stone there. Second, a scientist funded by grants working 100 hour weeks as is clearly Gavin’s lot, well I know a few, and working hours in many cases are from 4pm to 5am or a random 24/7 scatter. The lawsuit is pure harassment, to prevent him from responding to the allegations. Let’s all admit that the technique of harassing an opponent to stop them from debating is common to both left and right wing activists. The lawsuit makes your side look weak, not strong.

    This whole thing could easily result in blowback in the longer term. It could go either way, and the smarter activists on both sides know it. The content released so far isn’t as bad as you hoped, admit it. If it doesn’t get any “better”, what then?

    The end result will be a vicious campaign against working scientists that set its sights too broadly, a SLAP lawsuit, accusations that only play to the the choir on your side. You will have merely *proven* to journalists at large that after taking away the curtain, there was no conspiracy, only academics being academics, behaving in ways no grad student would blink an eye at. Yet their system, flawed as it is, has given us hundreds of years of incredible scientific progress.

    By the way, the “Harry” file? I’ve seen code running in US military hardware that was worse despite peer review. The real world of coding is not pristine; his work-in-progress bitching seems fairly normal (mostly just funny). Really it just speaks to the CRU group being underfunded and undermanaged.

  76. Resa said

    hello ..
    want to exchange links with me?
    if you agree put my links on this website ..
    and confirmation to me, then I can place your link on my blog ..
    how?

    thank you for your attention

  77. Wutt said

    Many people have been trying very hard all over the internet to minimize the significance of the Climategate emails. All kinds of reasoning are being used but, one tactic in particular of the “CRU fraud” deniers is:
    “there are overzealous activists/passionate people on both sides, the science has been around for a long time, just because these guys at CRU fabricated date doesn’t mean anything”.
    It most definitely is about one side (the Climategate conspirators) fabricating data, intimidating dissenters, subverting FOI requests, destruction/disposal of documents/evidence. Whether somewhere in the past “the other side” did the same, doesn’t minimize the crimes and deception being perpetrated here. Also science is not like wine or cheese. The science was fabricated then and it still is now! It doesn’t stop being a fabrication with age.

    At 54. Getting Hot in Here,
    There absolutely is indication of “law breaking”. In response to FOI requests, members of CRU contacted and dealt with employees/agents of FOI dept. and those requests were dismissed. Phil Jones, in an email to four other conspirators, told them to delete certain emails (illegal).
    And this just in today:http://www.timesonline.co.uk/tol/news/environment/article6936328.ece
    The destroyed evidence, excuse me “lost” the evidence. (it’s illegal to destroy evidence/documents).
    There is definitely a crime to be investigated at CRU.

  78. [...] East Anglia, which is now at the center of a storm over thousands of e-mail messages and documents either liberated or stolen from its servers (depending on who is describing the episode). [UPDATED 11:45 a.m. with a couple [...]

  79. mitchell porter said

    Latest from Gavin Schmidt on how the emails were obtained: “My information is that it was a hack into their backup mailserver.” More at comments 52, 63, 84. That doesn’t explain where everything in the ‘documents’ directory came from, however.

  80. [...] in case anyone missed this: our friendly climate inactivists Steve McIntyre and Jeff Id are saying that the CRU cyber-attacker’s comments on their blogs came from the IP addresses [...]

  81. [...] in case anyone missed this: our friendly climate inactivists Steve McIntyre and Jeff Id are saying that the CRU cyber-attacker’s comments on their blogs came from the IP addresses [...]

  82. Good web site! I truly love how it is simple on my eyes and the data are well written. I am wondering how I could be notified whenever a new post has been made. I’ve subscribed to your feed which must do the trick! Have a great day!

  83. Free website directory, Web directory. Add your website into free web directory and improve your search engine ranking and search engine position….

    [...]Thoughts from a Computer Climate Guy « the Air Vent[...]…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

Join 142 other followers

%d bloggers like this: